CVE-2026-22997 net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts

🗓️ 25 Jan 2026 14:36:12Reported by LinuxType

Linux kernel fix for can j1939 session deactivation after second request to prevent refcount leak.

Reporter	Title	Published	Views	Family All 118
ATTACKERKB	CVE-2026-22997	25 Jan 202614:36	–	attackerkb
CBLMariner	CVE-2026-22997 affecting package kernel for versions less than 6.6.126.1-1	10 Mar 202622:56	–	cbl_mariner
CBLMariner	CVE-2026-22997 affecting package kernel for versions less than 5.15.200.1-1	9 Mar 202614:32	–	cbl_mariner
Circl	CVE-2026-22997	25 Jan 202615:14	–	circl
CNNVD	Linux Kernel Security Vulnerabilities	25 Jan 202600:00	–	cnnvd
CVE	CVE-2026-22997	25 Jan 202614:36	–	cve
Debian	[SECURITY] [DLA 4475-1] linux security update	11 Feb 202612:47	–	debian
Debian	[SECURITY] [DLA 4476-1] linux-6.1 security update	11 Feb 202612:48	–	debian
Debian	[SECURITY] [DSA 6126-1] linux security update	9 Feb 202618:21	–	debian
Debian	[SECURITY] [DSA 6127-1] linux security update	9 Feb 202619:19	–	debian

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/can/j1939/transport.c"
    ],
    "versions": [
      {
        "version": "9d71dd0c70099914fcd063135da3c580865e924c",
        "lessThan": "a73e7d7e346dae1c22dc3e95b02ca464b12daf2c",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9d71dd0c70099914fcd063135da3c580865e924c",
        "lessThan": "adabf01c19561e42899da9de56a6a1da0e6b8a5b",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9d71dd0c70099914fcd063135da3c580865e924c",
        "lessThan": "b1d67607e97d489c0cfbbf55f48a76b00710b0e4",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9d71dd0c70099914fcd063135da3c580865e924c",
        "lessThan": "809a437e27a3bf3c1c6c8c157773635552116f2b",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9d71dd0c70099914fcd063135da3c580865e924c",
        "lessThan": "cb2a610867bc379988bae0bb4b8bbc59c0decf1a",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9d71dd0c70099914fcd063135da3c580865e924c",
        "lessThan": "6121b7564c725b632ffe4764abe85aa239d37703",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9d71dd0c70099914fcd063135da3c580865e924c",
        "lessThan": "1809c82aa073a11b7d335ae932d81ce51a588a4a",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/can/j1939/transport.c"
    ],
    "versions": [
      {
        "version": "5.4",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "5.4",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "5.10.249",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "5.15.199",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.1.162",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.6.122",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.12.67",
        "lessThanOrEqual": "6.12.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.18.7",
        "lessThanOrEqual": "6.18.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.19",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Source	Link
git	www.git.kernel.org/stable/c/1809c82aa073a11b7d335ae932d81ce51a588a4a
git	www.git.kernel.org/stable/c/cb2a610867bc379988bae0bb4b8bbc59c0decf1a
git	www.git.kernel.org/stable/c/6121b7564c725b632ffe4764abe85aa239d37703
git	www.git.kernel.org/stable/c/a73e7d7e346dae1c22dc3e95b02ca464b12daf2c
git	www.git.kernel.org/stable/c/809a437e27a3bf3c1c6c8c157773635552116f2b
git	www.git.kernel.org/stable/c/b1d67607e97d489c0cfbbf55f48a76b00710b0e4
git	www.git.kernel.org/stable/c/adabf01c19561e42899da9de56a6a1da0e6b8a5b

11 May 2026 21:58Current

CVSS 3.17.5

EPSS0.00424